Bribery, fraud and anti-money laundering | UK Regulatory Outlook March 2026

Government publishes Fraud Strategy 2026-2029 

The Home Office has published its Fraud Strategy for 2026-2029, setting out the government's new approach to tackling fraud against individuals and businesses. The government has committed over £250 million to deliver the strategy, which is structured around three pillars (disrupt, safeguard and respond).  

Key measures include: 

• Online Crime Centre: The government has committed £31 million to establish this new public-private body, which is set to begin operations in April 2026. Led by the Home Office and the National Crime Agency, the Online Crime Centre (OCC) will facilitate the sharing of data across different partners, analyse intelligence to inform and coordinate law enforcement interventions with a focus on fraud and high-volume cyber crime.
• Expanding corporate liability: The Home Office will continue to consider whether to introduce civil penalties for fraud and facilitating money laundering, potentially drawing on models such as the Public Authorities (Fraud, Error and Recovery) Act 2025, which introduced powers to issue civil penalties for fraud.
• Failure to prevent fraud: The new corporate offence of failure to prevent fraud was introduced by the Economic Crime and Corporate Transparency Act 2023 and came into effect in September 2025. The strategy reminds large organisations that they must implement procedures to prevent fraud by associated persons. This signals that the offence will be an active enforcement priority, and organisations that have not yet fully implemented their fraud prevention frameworks should look to do so as a matter of priority.
• Data sharing: The Home Office has launched a call for evidence on economic crime information sharing. It seeks input on how cross-border and private sector data sharing could be improved, and will examine information sharing in relation to any economic crime activity, including fraud, money laundering, corruption and asset recovery. The call will also support work to build a public-private Data Strategy, as well as other Economic Crime Plan 2 initiatives. The call for evidence closes on 18 May 2026. 

For further details, see Lord Hanson's speech announcing the launch of the Fraud Strategy. 

HM Treasury publishes guidance on using digital identities under the MLRs 

HM Treasury has published new guidance on how digital identity services can be used by regulated businesses to meet their obligations under the UK's anti-money laundering rules.  

This guidance explains how the UK digital identity and attributes trust framework interacts with the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLRs), and is approved guidance for the purposes of compliance with those regulations.  

A digital identity is defined as a digital representation that allows a person to prove their identity during transactions and interactions, without presenting physical documents, and can be used online or in person via a computer or smartphone.  

The guidance confirms that digital identity services can be independently certified against the trust framework and, once certified, may apply to be listed on the digital verification services (DVS) register (a publicly available register that can be used by regulated entities as part of customer due diligence). 

It highlights that certified and registered digital identity services are recognised as a reliable and independent source of information and can be used by regulated businesses as part of their customer checks. In particular, they can be used to fulfil identity verification obligations under Regulation 28 of the MLRs, including verification of company directors. 

Digital identity services that are not certified and not listed on the DVS Register cannot reliably be considered suitable for identity verification under the MLRs. Businesses should therefore ensure that any digital identity tool they use meets this standard. While digital identities can assist with identification and verification, they do not satisfy all aspects of customer due diligence: for example, assessing the purpose and intended nature of a business relationship. Businesses should ensure that existing processes for those wider checks remain in place. 

Regulated businesses remain ultimately responsible for ensuring that customer due diligence is carried out correctly, even when using digital identity services. Businesses should also ensure that any digital identity service they use is capable of meeting the record-retention requirements set out in Regulation 40 of the MLRs. 

FATF releases report on stablecoins and unhosted wallets 

The Financial Action Task Force (FATF) has published a targeted report on stablecoins and unhosted wallets. The report highlights the risks associated with the criminal misuse of stablecoins and recommends actions, new technologies and blockchain analytical tools that can be deployed to mitigate risk and to detect and disrupt illicit activity. 

The report also sets out good practice guidance for the private sector on mitigating the misuse of stablecoins. This includes recommendations for stablecoin issuers to implement risk-based technical and governance controls enabling them to freeze, burn or withdraw stablecoins where necessary.